packages/glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!674 time: strftime_l: Avoid an unbounded alloca.

Browse Source 
From: @chenhaixaing 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229
This commit is contained in:
openeuler-ci-bot 2023-08-30 06:17:07 +00:00 committed by Gitee
commit 6be0c886d6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 80 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
glibc.spec
View File

@ -70,7 +70,7 @@
##############################################################################
Name: glibc
Version: 2.34
Release: 131
Release: 132
Summary: The GNU libc libraries
License: %{all_license}
URL: http://www.gnu.org/software/glibc/
@ -272,6 +272,7 @@ Patch181: backport-elf-Make-more-functions-available-for-binding-during.patch
Patch182: backport-elf-fix-handling-of-negative-numbers-in-dl-printf.patch
Patch183: backport-rtld-properly-handle-root-directory-in-load-path-bug-30435.patch
Patch184: time-Fix-use-after-free-in-getdate.patch
Patch185: time-strftime_l-Avoid-an-unbounded-alloca.patch
Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch
@ -1495,6 +1496,9 @@ fi
%endif
%changelog
* Tue Aug 29 2023 chenhaixiang<chenhaixiang3@huawei.com> - 2.34-132
- time: strftime_l: Avoid an unbounded alloca.
* Mon Aug 14 2023 zhanghao<zhanghao383@huawei.com> - 2.34-131
- resolv_conf: release lock on allocation failure (bug 30527)

75
time-strftime_l-Avoid-an-unbounded-alloca.patch Normal file
View File

@ -0,0 +1,75 @@
From 79b2667d1eb06c6503c22f2f323c1c574ac5917b Mon Sep 17 00:00:00 2001
From: Joe Simmons-Talbott <josimmon@redhat.com>
Date: Tue, 23 May 2023 15:41:29 -0400
Subject: [PATCH] time: strftime_l: Avoid an unbounded alloca.
Avoid possible stack overflow by removing alloca() and converting to
wide characters within the buffer.
Conflict: NA
Reference: https://sourceware.org/git/?p=glibc.git;a=commit;h=79b2667d1eb06c6503c22f2f323c1c574ac5917b
Suggested-by: Paul Eggert <eggert@cs.ucla.edu>
---
time/strftime_l.c | 39 +++++++++++++++++++++++++--------------
1 file changed, 25 insertions(+), 14 deletions(-)
diff --git a/time/strftime_l.c b/time/strftime_l.c
index 402c6c4111..3901bd79da 100644
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -267,15 +267,6 @@ static const CHAR_T zeroes[16] = /* "0000000000000000" */
# undef __mbsrtowcs_l
# define __mbsrtowcs_l(d, s, l, st, loc) __mbsrtowcs (d, s, l, st)
# endif
-# define widen(os, ws, l) \
- { \
- mbstate_t __st; \
- const char *__s = os; \
- memset (&__st, '\0', sizeof (__st)); \
- l = __mbsrtowcs_l (NULL, &__s, 0, &__st, loc); \
- ws = alloca ((l + 1) * sizeof (wchar_t)); \
- (void) __mbsrtowcs_l (ws, &__s, l, &__st, loc); \
- }
#endif
@@ -1342,11 +1333,31 @@ __strftime_internal (CHAR_T *s, size_t maxsize, const CHAR_T *format,
#ifdef COMPILE_WIDE
{
/* The zone string is always given in multibyte form. We have
- to transform it first. */
- wchar_t *wczone;
- size_t len;
- widen (zone, wczone, len);
- cpy (len, wczone);
+ to convert it to wide character. */
+ size_t w = pad == L_('-') || width < 0 ? 0 : width;
+ char const *z = zone;
+ mbstate_t st = {0};
+ size_t len = __mbsrtowcs_l (p, &z, maxsize - i, &st, loc);
+ if (len == (size_t) -1)
+ return 0;
+ size_t incr = len < w ? w : len;
+ if (incr >= maxsize - i)
+ {
+ errno = ERANGE;
+ return 0;
+ }
+ if (p)
+ {
+ if (len < w)
+ {
+ size_t delta = w - len;
+ __wmemmove (p + delta, p, len);
+ wchar_t wc = pad == L_('0') || pad == L_('+') ? L'0' : L' ';
+ wmemset (p, wc, delta);
+ }
+ p += incr;
+ }
+ i += incr;
}
#else
cpy (strlen (zone), zone);
--
2.23.0